[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1107807880.5021.16.camel@localhost.localdomain>
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: Re: SSH probe attack afoot?
On Sun, 2005-02-06 at 10:09 -0500, Bernie Cosell wrote:
> We're now getting hammered with the third round of ssh probes in the last
> four days [one from CA, one from Brazil and one from Virginia]. I was
> wondering: is there some virus or the like floating around now that
> leaves an ssh-hammering zombie in its wake? Or is it just coincidental
> that we have gotten three floods?
>
> [the probes are just dozens of random-seeming login attempts with a bunch
> of root-password-guesses interspersed]
>
> /Bernie\
Multiple SSH brute force tools,which has been covered on this list and
others a few times over the last year.
http://www.securityfocus.com/archive/75/200407271059.11940.robin@kallisti.net.nz/2005-02-04/2005-02-10/0
http://www.google.com/search?num=100&hl=en&safe=off&q=ssh+brute
+force&spell=1
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050207/63a1c4eb/attachment.bin
Powered by blists - more mailing lists